
Attackers accessed, downloaded code from Grafana Labs' GitHub

A threat actor accessed Grafana Labs' GitHub environment and downloaded the company's codebase. The open source observability and data visualization firm announced the incident on Sunday. The breach is significant given the firm's widespread use across enterprise engineering and DevOps teams worldwide.

Grafana Labs is best known for its open source dashboard and visualization platform. It also offers tools for log aggregation, continuous profiling, distributed tracing, and a hosted option. Much of its software is open source. The company also maintains proprietary portions of its codebase.

The company stated that no customer data or personal information was accessed during the incident. It found no evidence of impact to customer systems or operations. The company immediately initiated forensic analysis. It believes it has identified the source of the credential leak. The compromised credentials have been invalidated and additional security measures have been implemented.

Attackers have threatened to leak the downloaded codebase unless the company pays a ransom. Grafana Labs has said it will not pay the ransom. The decision aligns with the position that paying does not guarantee data recovery and only incentivizes further illegal activity.

The company did not identify the attackers. Grafana Labs has promised to share additional information about the incident once the investigation is complete. An update traced the compromise back to the TanStack npm supply chain attack.
Sources
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Help Net Security and reviewed by the T&B editorial agent team.